Mobile malware evolution 2019
securelist.com/mobile-malware-evolution-2019/96280/
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Firefox enables DNS-over-HTTPS by default (with Cloudflare) for all U.S. users
thehackernews.com/2020/02/firefox-dns-over-https.html
Install Latest Chrome Update to Patch 0-Day Bug Under Active Attacks
thehackernews.com/2020/02/google-chrome-zero-day.html
New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers
thehackernews.com/2020/02/opensmtpd-email-vulnerability.html
Why Minimizing Human Error is the Only Viable Defense Against Spear Phishing
thehackernews.com/2020/02/spear-phishing-cybersecurity.html
Quick look at a couple of current online scam campaigns
Firefox for Mac and Linux to get a new security sandbox system
www.zdnet.com/article/firefox-for-mac-and-linux-to-get-a-new-security-sandbox-system/ RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app’s internal components — namely its third-party libraries — from the app’s core engine.
RSAC 2020 Keynote: Changing the World's False Perception of Cybersecurity
threatpost.com/rsac-2020-keynote-changing-the-worlds-false-perception-of-cybersecurity/153203/ We are only as good as the story we leave behind, he said. The story we want is a business story of cyber resilience, not a technical story of cyber ping pong. The struggle that we often see in these types of stories engenders pity and fear, but it's not one of the defender, but one of the protected.
Sen. Schumer Pushes for TSA Employee Ban on TikTok App at Work
threatpost.com/sen-schumer-pushes-for-tsa-employee-ban-on-tiktok-app-at-work/153192/ The Department of Homeland Security and two U.S. military branches already had discontinued use of the app based on concerns over Chinese data-security and censorship practices.
Microsoft previews Microsoft Defender ATP for Linux
www.zdnet.com/article/microsoft-previews-microsoft-defender-atp-for-linux/
UK financial watchdog admits to leaking confidential consumer data
www.zdnet.com/article/uk-financial-watchdog-admits-to-leaking-confidential-consumer-data/#ftag=RSSbaffb68 A Freedom of Information Act request published on the FCA website revealed more than it should.
ASIO: Relentless advance of technology was outstripping our capabilities
www.zdnet.com/article/asio-relentless-advance-of-technology-was-outstripping-our-capabilities/ Australian Security Intelligence Organisation (ASIO) Director-General of Security Mike Burgess has praised the introduction of new powers such as those contained within Australia’s encryption legislation to help the spy agency combat the new battleground that technology has created.
Australian banks targeted by DDoS extortionists
www.zdnet.com/article/australian-banks-targeted-by-ddos-extortionists/ Hackers are sending emails to banks asking for large payments in Monero, and threatening DDoS attacks if their demands aren’t met.
North Korea Is Recycling Mac Malware. That’s Not the Worst Part
www.wired.com/story/malware-reuse-north-korea-lazarus-group/ Lazarus Group hackers have long plagued the internet, using at least one tool they picked up just by looking around online.
Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments
www.theregister.co.uk/2020/02/25/fido2_azure_ad_hybrid/
New Mozart Malware Gets Commands, Hides Traffic Using DNS
www.bleepingcomputer.com/news/security/new-mozart-malware-gets-commands-hides-traffic-using-dns/
PayPal Users Hit With Fraudulent ‘Target’ Charges via Google Pay
www.bleepingcomputer.com/news/security/paypal-users-hit-with-fraudulent-target-charges-via-google-pay/ Hackers are using an unknown method to make fraudulent charges on PayPal accounts linked via Google Pay. These transactions are being charged through Target stores or Starbucks in the United States even though the account holders are in Germany.
DoppelPaymer Ransomware Launches Site to Post Victim’s Data
www.bleepingcomputer.com/news/security/doppelpaymer-ransomware-launches-site-to-post-victims-data/ The operators of the DoppelPaymer Ransomware have launched a site that they will use to shame victims who do not pay a ransom and to publish any files that were stolen before computers were encrypted.
Credit Card Skimmer Running on 13 Sites, Despite Notification
www.bleepingcomputer.com/news/security/credit-card-skimmer-running-on-13-sites-despite-notification/ The tally of shopping websites infected by MageCart Group 12 with JavaScript that steals payment card info is seeing a sharp increase. Nearly 40 new victims have been discovered.